A victim of a SIM card swap attack gives a detailed account of how he lost his phone number and email account.
The Reddit user @Vmn551 said, “At about 11:58 PM I received a text that a new phone service had been activated on my number with a carrier I don’t use.”
He added: “It came with a link to a password-protected (PIN setup when the service was purchased) PDF file that contained the contract for the start of service. I had a friend of mine crack the password to the PDF which ended up being 13371337 (lol). They filled out the form with bogus info for the name and address.”
The Reddit user said that his phone number had already been taken and that his phone had lost service, preventing him from texting or making phone calls.
He also tried logging into his email account but the password had been changed.
Since his mobile number was linked to his email account, the attacker was able to use his number to get the code to reset the password.
He added: “I thought I had removed the phone number from this account but apparently I missed it.”
What He Did During The Attack
@Vmn551 said that last year he anticipated this kind of attack and moved the majority of his 2FA from SMS to Google Authenticator, which saved his life.
“At around 1:44 AM I was thankfully able to regain access to my email account by using my backup email address on file which the attacker thankfully hadn’t changed, and also provided some other info to my email provider to prove ownership,” he said.
He added: “At first nothing seemed out of place until I checked my deleted messages folder and saw password reset requests for three different cryptocurrency exchanges I have held accounts on. Two of these don’t hold many funds but the third currently holds a fair amount of my coins. (This is another reason you should keep your coins off of the exchange).”
Google Authentication and 2FA
The Reddit user said he had Google Authenticator 2FA set up on all of his accounts, so the hackers were not able to gain access and drain his funds.
He added: “Anyone using SMS verification should switch to Google Authenticator because this is the one thing that kept my coins safe. I still need to recover my phone number and at this point I feel like I should change my number or carrier. My mobile carrier only requires a 4-digit PIN code to log in and make changes which is probably one of the weak points that allowed this attack to happen.”
The SIM swap victim said he believes his information was leaked in the Ledger breach that happened last year and he was positive that the leak is what caused his attack.
@Vmn551 said: “Please exercise caution, secure your passwords and enable Google Authentication and 2FA on everything you can.”
He added: “So I spent all day at the carrier stores to get this figured out. Since my number was ported over, then cancelled, I was unable to port it back to my original carrier to finish out my month of service.”
SIM swap scam
The SIM swap scam is a type of account takeover fraud that takes advantage of a flaw in two-factor authentication and two-step verification when the second factor or step is a text message (SMS) or a phone call.
SIM swapping has been used in a number of high-profile hacks.